Significant enhancements to Microsoft’s suite of security solutions were announced during the latest Microsoft Ignite Conference. All designed to empower Security Operations Center (SOC) professionals in protecting assets and data more efficiently. Here’s a glimpse of the key updates:
1️⃣ Microsoft Defender XDR: Formerly known as Microsoft Defender 365, this update signifies an expansion of extended detection and response (XDR) capabilities, offering native security solutions across diverse platforms, including Windows, Linux, macOS, Android, iOS, and multicloud environments (Azure, AWS, GCP). Now available!
Additional Resources:
Learn more about updates to Microsoft Defender XDR.
2️⃣ Unified Security Operations Platform: Microsoft Defender XDR and Microsoft Sentinel unite to create a robust user experience, enhanced by Microsoft Security Copilot generative AI. This integration promises heightened efficiency, streamlined operations, and simplified training for SOC analysts. Currently in private preview.
Additional Resources:
Blog: Learn more about the unification of Microsoft Defender XDR and Microsoft Sentinel.
Demo: Protect more with Microsoft Sentinel and 365 Defender together
3️⃣ Embedded Microsoft Security Copilot: A generative AI tool embedded in the unified SOC platform, Security Copilot assists analysts in improving their security information and event management (SIEM) and XDR skills, offering natural language support and aiding throughout investigations. Early access available.
Additional Resources:
Learn more about updates to Microsoft Security.
4️⃣ Optimized Data in SIEM with SOC Optimizations: This feature, in private preview, supports SOCs in maximizing the value of ingested data into Sentinel, offering recommendations to enhance coverage, save costs, and improve security against specific threats.
5️⃣ Enhanced Cloud Workload Integration: Integrating cloud workload alerts, signals, and asset information from Microsoft Defender Cloud into the XDR platform provides SOC analysts with a holistic view, spanning workspace and cloud infrastructure. Currently in preview.
6️⃣ Auto-Deployed Decoys: A preview feature leveraging Microsoft Defender for Endpoint and OpenAI’s GPT-4 generative AI model, enabling the automatic generation of decoys to detect and focus on attacks more effectively.
7️⃣ Protection of AI Apps: New capabilities in Microsoft Defender and Purview to securely prepare for the AI era, extending discovery capabilities for language model apps and enhancing data loss prevention. Currently in preview.
🆕 Microsoft Defender for Cloud Updates: Enhancements to protect multicloud and hybrid environments, including unified identity insights, DevOps security insights, improved container security, proactive attack path analysis, and improved API security posture.
